Nice work! You’ve added columns to the users table and run a migration to update the database.
What’s the password_digest column for? When a user submits their password, it’s not a good idea to store that password as is in the database; if an attacker somehow gets into your database, they would be able to see all your users’ passwords.
One way to defend against this is to store passwords as hashed strings in the database. This is what the has_secure_password method helps with: it uses the bcrypt algorithm to securely hash a user’s password, and the resulting hash is saved in the password_digest column.
Then when a user logs in again, has_secure_password will collect the password that was submitted, hash it with bcrypt, and check if it matches the hash in the database.
Instructions
Now that the models are set up, let’s move on to the rest of the request/response cycle and create the controllers, routes, and views needed for the signup machinery.
Generate a controller named Users.
In the routes file, add these routes:
    get 'signup' => 'users#new'
    resources :users
Next, in the Users controller add the new action.
    def new
      @user = User.new
    end
Then in app/views/users/new.html.erb, on line 7, use form_for to create a form with the fields of the @user object.
Look back at our Rails exercise on web templating for an example on how to use form_for in your code.
We’ve provided CSS in app/assets/stylesheets/application.css.
Start the Rails server.
Then visit http://localhost:8000/signup to preview the signup page in the browser.
The form won’t work just yet; we’ll finish it up next.